Forum Discussion

Altostratus

Dec 06, 2017

SSL Protocol Stats for SSLv2, SSLv3, TLS1.1 ad TLS1.2 connections with source

Hello Folks, I got a requirement to collect stats for various protocol stats with information on who are initiating those requests. I know that we can use irule to log live requests protoco...

application delivery

connection statistics

Employee

Dec 30, 2017

I know that we can use irule to log live requests protocol version but that would not give me the stats in a correct report format.

is istats applicable?

Introduction to iStats Part 1: Overview by Colin Walker

https://devcentral.f5.com/articles/introduction-to-istats-part-1-overview

e.g.

// config

root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:443
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        clientssl {
            context clientside
        }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 7
}
root@(ve13a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when CLIENTSSL_HANDSHAKE {
  ISTATS::incr "ltm.virtual [virtual name] counter [SSL::cipher version]:[IP::client_addr]" 1
}
}

// stats

[root@ve13a:Active:In Sync] config  tmsh show ltm virtual bar |awk '/User-defined/,0'
User-defined           Value
  tlsv1_172_28_24_1    1
  tlsv1_2_172_28_24_1  1

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)